North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Hey, SiteFinder is back, again...
On Mon, 5 Nov 2007 11:17:29 -0800 David Conrad <[email protected]> wrote: > On Nov 5, 2007, at 8:23 AM, David Lesher wrote: > > What affect will Allegedly Secure DNS have on such provider > > hijackings, both of DNS and crammed-in content? > > If what Verizon is doing is rewriting NXDOMAIN at their caching > servers, DNSSEC will _not_ help. Caching servers do the validation > and the insertion of the search engine IP addresses in the response > would occur after the validation. > Depends on whether or not the endpoints delegate DNSSEC validation to Verizon. They don't have to. --Steve Bellovin, http://www.cs.columbia.edu/~smb
|